Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN Hardware vs RAS/IAS & SSL

Status
Not open for further replies.

1DMF

Programmer
Jan 18, 2005
8,795
GB
Hi,

We currently have our remote access users set up so they must go to certificate services and download a user SSL certificate. (which I control access to via IIS)

I have then set up RRAS/IAS to only allow SSL certificated users to connect to the work server via VPN.

However, our support company says this is an obscure and non-standard way of setting up VPN.

Yet when they messed with it they tried to set it up so it allowed username / password to connect and not SSL. (doesn't this send credentials in plain text?)

Surely their way is much more unsecure plus the data transfer wouldn't be encrypted.

They now have suggested we should get a VPN box for VPN users.

Why are they suggesting this, what's wrong with using the server's RRAS & ISA with SSL encryption / security.

What does a VPN box do, how is it better or 'the normal way' of doing things.

Why on earth do they think the way I have it configured is obscure and non-standard?

I'm a little confused over this, so your advice is appreciated.

Thanks,
1DMF.

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Google Rank Extractor -> Perl beta with FusionCharts
 
What type of VPN? If it's IPSEC, then ALL communication is encrypted.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
What type of VPN? If it's IPSEC, then ALL communication is encrypted.
Sorry I don't understand the question.

1. Do you mean what sort of box are we thinking of getting

or

2. What sort of VPN we are currently using?

1. I don't know, that's why I am asking the question, what's the difference, what does a box do that my current set up doesn't and what's so odd about our current set up?

2. It's SSL encryption, as I mentioned, you go to windows network connections, add a new connection, choose VPN and set it up to use the SSL certificate as the 'smart card or certificate' option.

As I understood it, if you just used username and password, it's plain text, can anyone confirm this please?



"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Google Rank Extractor -> Perl beta with FusionCharts
 
If it is a true SSL VPN, then a username and password are not cleartext---encrypted with 128 bit SSL.

I am unfamiliar with W1nd0z3 VPNs, however.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top